Question about ssh-rsa deprecation notice (was: Announce: OpenSSH 8.2 released)

Bob Proulx bob at
Thu Feb 27 06:38:58 AEDT 2020

Colin Watson wrote:
> No, the deprecation notice is talking about the key signature algorithm,
> not the key type.  SSH clients and servers agree a key signature
> algorithm as part of their protocol negotiation.  For RSA keys, all of
> "ssh-rsa", "rsa-sha2-256", and "rsa-sha2-512" exist, using SHA-1,
> SHA-256, and SHA-512 respectively as their hash algorithms.

Aha!  I was pretty sure the notice was not saying that a simple
reading of it made one think it was saying.

> Unfortunately, the string "ssh-rsa" is used as both a key type name in
> authorized_keys and as a key signature algorithm name, which has caused
> a good deal of confusion with this deprecation notice, but the two
> aren't actually the same thing.

Thank you for the clarification.  Hopefully as future notices are
posted some of this expanded language could be included so as to help
out others from experiencing the same confusion as already experienced
here.  And I was happy to see that I was not the only one who was
experiencing it!  Thanks also to the others that responded too.

> My understanding is (and more knowledgeable people should correct me if
> I'm wrong) that this deprecation notice affects the following people:

Thank you for the expansive description of the effects of this
notice.  This greatly clears up the problems reading the original
notice.  Thank you for describing this in detail.  It is much appreciated!

> Users of straightforward RSA public keys authenticating to reasonably
> modern and well-configured servers are not affected, and do not need to
> generate new keys, change their configuration, or migrate to different
> key types.

Very good then!  That is the word that I will pass along.

> HTH,

Yes.  Very much so!


More information about the openssh-unix-dev mailing list